Man Pages (3), (3C), (3K), (3N), (3R), (3X), (3X11TSOL): Library Functions

getauevnonam(3)

NAME

getauevent, getauevnam, getauevnum, getauevnonam, setauevent, endauevent, getauevent_r, getauevnam_r, getauevnum_r- Get audit_event entry

SYNOPSIS

cc

flags

file

-lbsm

-lsocket

-lnsl

-lintl

library

#include <sys/param.h>
#include <bsm/libbsm.h>

name

event_number

event_name

e

name

e

event_number

DESCRIPTION

These interfaces document the programming interface for obtaining entries from the audit_event(4) file. getauevent() , getauevnam() , getauevnum() , getauevent() , getauevnam() , and getauevnum() each return a pointer to an audit_event structure.

getauevent() and getauevent_r() enumerate audit_event entries; successive calls to these functions will return either successive audit_event entries or NULL .

getauevnam() and getauevnam_r() search for an audit_event entry with a given event_name .

getauevnum() and getauevnum_r() search for an audit_event entry with a given event_number .

getauevnonam() searches for an audit_event entry with a given event_name and returns the corresponding event number.

setauevent() ``rewinds'' to the beginning of the enumeration of audit_event entries. Calls to getauevnam() , getauevnum() , getauevnonum() , getauevnam_r() , or getauevnum_r() may leave the enumeration in an indeterminate state; setauevent() should be called before the first getauevent() or getauevent_r() .

endauevent() may be called to indicate that audit_event processing is complete; the system may then close any open audit_event file, deallocate storage, and so forth.

The three functions getauevent_r() , getauevnam_r() , and getauevnum_r() each take an argument e which is a pointer to an au_event_ent_t . This pointer is returned on a successful function call. To assure there is enough space for the information returned, the applications programmer should be sure to allocate AU_EVENT_NAME_MAX and AU_EVENT_DESC_MAX bytes for the ae_name and ac_desc elements of the au_event_ent_t data structure.

The internal representation of an audit_event entry is an au_event_ent structure defined in <bsm/libbsm.h> with the following members:

au_event_t    ae_number;char           *ae_name;char           *ae_desc;au_class_t     ae_class;

RETURN VALUES

getauevent() , getauevnam() , getauevnum() , getauevent_r() , getauevnam_r() , and getauevnum_r() return a pointer to a struct au_event_ent if the requested entry is successfully located; otherwise it returns NULL .

getauevnonam() returns an event number of type au_event_t if it successfully enumerates an entry; otherwise it returns NULL , indicating it could not find the requested event name.

FILES

/etc/security/audit_event: Maps audit event numbers to audit event names.
/etc/passwd: Stores user- ID to username mappings.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWcsu
MT-Level	MT-Safe with exceptions.

The functions getauevent() , getauevnam() , and getauevnum() are not MT-Safe; however, there are equivalent functions: getauevent_r() , getauevnam_r() , and getauevnum_r() -- all of which provide the same functionality and a MT-Safe function call interface.

SUMMARY OF TRUSTED SOLARIS CHANGES

The functionality described in this man page is available only if auditing has been enabled. By default, auditing is enabled in the Trusted Solaris environment.

Trusted Solaris 7 Reference Manual

getauclassent(3) , audit_class(4) , audit_event(4)

SunOS 5.7 Reference Manual

getpwnam(3C) , passwd(4) , attributes(5)

NOTES

All information for the functions getauevent() , getauevnam() , and getauevnum() is contained in a static area, which may be overwritten, so it must be copied if it is to be saved.

Trusted Solaris 7 Last Revised 29 Dec 1996